CISA Highlights Active Exploitation of JetBrains TeamCity Software Vulnerability
March 8, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an actively exploited security flaw in the JetBrains TeamCity On-Premises software. The vulnerability, known as CVE-2024-27198, is an authentication bypass bug that could lead to a full server compromise by an unauthenticated remote attacker. JetBrains addressed this issue along with another authentication bypass flaw, CVE-2024-27199, earlier this week. These vulnerabilities have been exploited by unidentified threat actors to deliver Jasmin ransomware and create hundreds of rogue user accounts. The Shadowserver Foundation reported exploitation attempts beginning from March 4, 2024. GreyNoise statistics indicate that CVE-2024-27198 has been widely exploited by over a dozen unique IP addresses following its public disclosure. Users of on-premises versions of the software are advised to apply the necessary updates immediately to prevent potential threats. Federal agencies are required to patch their instances by March 28, 2024.
Related News
- Massive Exploitation of TeamCity Auth Bypass Vulnerability Leads to Creation of Admin Accounts
- Widespread Exploitation of Critical TeamCity Flaw to Create Admin Accounts
- Critical Vulnerabilities in TeamCity Pose Threat to Software Supply Chain
- Critical Exploit for TeamCity Auth Bypass Bug Available: Immediate Patching Recommended
Latest News
- Cisco Addresses High-Severity Vulnerabilities in its VPN Product
- CISA Lists Apple iOS and iPadOS Memory Corruption Bugs in its Known Exploited Vulnerabilities Catalog
- Widespread Exploitation of Critical TeamCity Flaw to Create Admin Accounts
- Massive Exploitation of TeamCity Auth Bypass Vulnerability Leads to Creation of Admin Accounts
- Crypto Mining Malware Campaign Targets Misconfigured Servers
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.
